code-injection

Modify Embedded String in C# compiled exe

I have an issue where I need to be able to have a compiled exe ( .net 3.5 c# ) that I will make copies of to distribute that will need to change a key for example before the exe is sent out. I cannot compile each time a new exe is needed. This is a thin client that will be used as part of a registration process. Is it possible to a...

Injecting values for static constants in Spring

In one of my classes there is a public static String member and I need to set this value in the applicationContext.xml! That is, is it possible for us to inject a value for this static property? ...

Anyone get mach_inject working on snow leopard?

Project is now on github and here is the link to my issue I successfully compiled the whole thing and able to run rejector and rejectee separately. But the injector will crash the injectee when injecting code to the target process. mach_inject_test_injectee.app 's standard output: mach error on bundle load (os/kern) successful mach err...

Can someone execute a php function in my library but not called on the viewed page???

Let's say I have a php file, test.php, with 2 functions: test1() and test2(). I have an external php file, index.php, with include(test.php) in its code. If the index.php file has a reference to test1() but not test2(), is there any way that someone would be able to execute test2() by doing something malicious while using the index...

Does video tag (HTML 5) injection via JavaScript work in any browsers?

I'm trying to dynamically spawn a video element on a page using JavaScript. JavaScript <script type="text/javascript"> $(document).ready(function() { var video = $(document.createElement('video')) .attr('id', 'VideoElement') .attr('controls', 'controls') .attr('src', 'videopath.mp4') // Changed 'href' attribute to '...

How to prevent code/option injection in a bash script

I have written a small bash script called "isinFile.sh" for checking if the first term given to the script can be found in the file "file.txt": #!/bin/bash FILE="file.txt" if [ `grep -w "$1" $FILE` ]; then echo "true" else echo "false" fi However, running the script like > ./isinFile.sh -x breaks the script, since -x is inter...

Disabling javascript in specific block/div (containing suspect HTML) ?

Is it, in any way, possible to disable the browser's execution of script inside a block/section/element? My scenario is that I'm letting my (future) users create "rich content" (using CK-editor). Content that will later be shown to other users - with all the dangers that implies: xss, redirection, identity theft, spam and what not... I'v...

How to use php function to report form abuse.

I have a contact form on my website, and everything works like a charm. I am using an anti-injection validation script, that I suspect is supposed to send a notification when somebody attempts to use header injection. I have tested this thoroughly and cannot determine why it will not notify me in the event of an abuse. The script is below...

Which is the better way of injecting javascript into my application?

Hi, Based on user's preferences I inject into my application a jason_encoded(translation array) which is later converted to javascript object and used by the application. Which, in your opinion, is the better way to do it? Solution 1: <head> <script type="text/javascript" src="lang.php"></script> </head> Solution 2 (code is execu...

Ways to make Javascript code hacking / injection / manipulation difficult?

Are there ways to prevent, or make it difficult enough, for someone to inject Javascript and manipulate the variables or access functions? A thought I had is to change all var names randomly on each reload so the malware script would need to be rewritten every time? Or are there other less painful ways? I understand that eventually some...

Injecting into Validator or EntityListener?

I'm trying to do some validation of complex constraints on Hibernate entities in a JBoss JEE system. For that purpose, I need my validator (whether it be an actual JSR303 validator or just an EntityListener for PrePersist/PreUpdate/PreRemove) to have access to my DAO beans. Much perusal of JSR303 stuff doesn't give me any indication that...

Interact with Flash using Python Mechanize

I am trying to create an automated program in Python that deals with Flash. Right now I am using Python Mechanize, which is great for filling forms, but when it comes to flash I don't know what to do. Does anyone know how I can interact with flash forms (set and get variables, click buttons, etc.) via Python mechanize or some other pytho...

In a remote thread, how do I call functions whose parameters contain pointers?

I want to call SHFileOperation using code injection. My code works fine while calling simple functions like MessageBox from user32.dll, but won't while calling ShFileOperation from shell32.dll. I'll post the part of the code that I think has the problem. I know the problem is in the struct implementation. Here is the image of RemoteInf...

Remove, replace or disable dynamically-generated ASP.Net js code

I am working with a few .Net 4.0 webforms controls such as the Menu control and while I think it's great that I can now declare the way in which controls are rendered (i.e. as either tables or divs), I can't switch off the automagically-included javascript that manages the hover events for those controls, for example: new Sys.WebForms.M...

Weird image injection when using YUI grid

Hi all, I was trying to use YUI grid and I noticed something weird coming up on my webpage: <img id="fvdkoff-target-image" style="border: medium none ; margin: 0px; position: relative; visibility: visible; color: transparent; z-index: 2147483647; left: 424px; top: 274px;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAUCAYAA...

JBoss Seam: inject in @Create method possible?

Hi all, I cannot seem to be able to inject a Seam component inside the @Create method. I cannot find in the documentation any hint that this is not possible, which would verify whether I am making a mistake or not. Is it possible to inject inside the @Create? Cheers! ...

How to get a DLL loading process handle

Hi there, I'm trying to get the handle to the process which loaded a dll from the dll. My approach is: in DLL_PROCESS_ATTACH I call EnumWindows(EnumWindowsProc,NULL); my EnumWindowsProc implementation is the following: BOOL CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam) { if(GetCurrentProcessId() == GetWindowThreadProcessId(hW...

Guice Inject Field in class not created by Guice

I have a class like so, that I create myself somewhere in my code: class StarryEyes { @Inject MyValidator validator; public StarryEyes(String name) { //.. } public doSomething() { // validator is NULL } } I want Guice to inject an instance of validator, which has a @Singleton annotation. I have a module th...

Can JSF standard validation prevent code injection?

In my project, I do duplicate validation at the presentation layer as well as the persistence layer with the hope to increase security. So my question is: can standard JSF validation prevent code injections. <h:inputText id="name" value="#{bean.customer.name}" required="true" requiredMessage="Validation Error: Value is required." title=...

Can I access an injected ejb from an inner class?

As I clearly mentioned above, I would be glad to hear your ideas about that. btw, some other ones say; "call Component.getInstance(Facade,true) from your inner class." However, I don't understand it actually.. Thanks ...